vulnerability
FreeBSD: VID-5555120d-ba4d-11e6-ae1b-002590263bf5 (CVE-2016-9384): xen-kernel -- guest 32-bit ELF symbol table load leaking host data
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Dec 4, 2016 | Dec 4, 2016 | Mar 25, 2026 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Dec 4, 2016
Added
Dec 4, 2016
Modified
Mar 25, 2026
Description
The Xen Project reports: Along with their main kernel binary, unprivileged guests may arrange to have their Xen environment load (kernel) symbol tables for their use. The ELF image metadata created for this purpose has a few unused bytes when the symbol table binary is in 32-bit ELF format. These unused bytes were not properly cleared during symbol table loading. A malicious unprivileged guest may be able to obtain sensitive information from the host. The information leak is small and not under the control of the guest, so effectively exploiting this vulnerability is probably difficult.
Solution
freebsd-upgrade-package-xen-kernel
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.